Hexmen Analisi

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (1000)

Linguaggio

en	996
zh	4

Nazione

us	998
cn	2

Attori

Hexmen	2

Interesse

Genere

Not Defined	6
E-Commerce Management Software	4
Digital Media Player	4
Database Software	2
Wireless LAN Software	2

Fornitore

TRENDnet	6
SourceCodester	4
Apple	4
Oracle	2
Netgear	2

Prodotto

SourceCodester E-Commerce System	4
TRENDnet TEW-652BRP	4
Apple tvOS	4
TRENDnet TEW-811DRU	2
Oracle Database Server	2

Vulnerabilità

#	Vulnerabilità	Base	Temp	0day	Oggi	Sfr	Con	EPSS	CTI	CVE
1	TRENDnet TEW-652BRP Web Interface ping.ccp escalazione di privilegi	8.1	7.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.01049	0.05	CVE-2023-0640
2	TRENDNet TEW-811DRU httpd guestnetwork.asp buffer overflow	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00060	0.05	CVE-2023-0617
3	Netgear WNDR3700v2 Web Interface denial of service	4.3	4.2	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.00135	0.02	CVE-2023-0850
4	TRENDnet TEW-811DRU httpd security.asp buffer overflow	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00137	0.07	CVE-2023-0613
5	TRENDnet TEW-652BRP Web Service cfg_op.ccp buffer overflow	7.5	6.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00097	0.02	CVE-2023-0618
6	TRENDnet TEW-652BRP Web Management Interface get_set.ccp escalazione di privilegi	8.8	8.6	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00076	0.04	CVE-2023-0611
7	TP-Link Archer C50 Web Management Interface denial of service	6.5	6.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00074	0.02	CVE-2023-0936
8	TRENDnet TEW-811DRU Web Management Interface wan.asp buffer overflow	6.5	6.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00133	0.03	CVE-2023-0637
9	SourceCodester Alphaware Simple E-Commerce System sql injection	7.0	6.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00152	0.07	CVE-2023-1504
10	Ubiquiti EdgeRouter X OSPF escalazione di privilegi [Contestazione]	8.1	7.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00934	0.05	CVE-2023-1458
11	SourceCodester Alphaware Simple E-Commerce System admin_index.php sql injection	7.0	6.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00152	0.03	CVE-2023-1503
12	SourceCodester E-Commerce System setDiscount.php sql injection	6.6	6.5	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00152	0.02	CVE-2023-1505
13	SourceCodester Alphaware Simple E-Commerce System edit_customer.php sql injection	7.0	6.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00152	0.04	CVE-2023-1502
14	SourceCodester E-Commerce System cross site scripting	4.1	4.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00052	0.06	CVE-2023-1569
15	Apache HTTP Server mod_reqtimeout denial of service	5.3	5.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.01696	0.00	CVE-2007-6750
16	Apple tvOS WebKit buffer overflow	7.5	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01416	0.00	CVE-2019-8673
17	Apple tvOS WebKit buffer overflow	7.5	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.96068	0.02	CVE-2019-8672
18	Oracle Database Server Core RDBMS Privilege Escalation	7.5	7.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00113	0.02	CVE-2011-2253

IOC - Indicator of Compromise (32)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	indirizzo IP	Hostname	Attore	Identified	Genere	Fiducia
1	58.218.200.2		Hexmen	13/02/2022	verified	Alto
2	103.42.180.113		Hexmen	13/02/2022	verified	Alto
3	103.230.108.85		Hexmen	13/02/2022	verified	Alto
4	114.115.209.191	ecs-114-115-209-191.compute.hwclouds-dns.com	Hexmen	13/02/2022	verified	Alto
5	119.28.133.78		Hexmen	13/02/2022	verified	Alto
6	119.249.54.119		Hexmen	13/02/2022	verified	Alto
7	121.18.238.80	hebei.18.121.in-addr.arpa	Hexmen	13/02/2022	verified	Alto
8	XXX.XXX.XX.XXX	xxx-xxx-xxx-xx-xxx.xxxxxxx.xxxxxxxx-xxx.xxx	Xxxxxx	13/02/2022	verified	Alto
9	XXX.XXX.XX.XXX	xxx-xxx-xxx-xx-xxx.xxxxxxx.xxxxxxxx-xxx.xxx	Xxxxxx	13/02/2022	verified	Alto
10	XXX.XXX.XX.XXX	xxx-xxx-xxx-xx-xxx.xxxxxxx.xxxxxxxx-xxx.xxx	Xxxxxx	13/02/2022	verified	Alto
11	XXX.XXX.XX.XXX	xxx-xxx-xxx-xx-xxx.xxxxxxx.xxxxxxxx-xxx.xxx	Xxxxxx	13/02/2022	verified	Alto
12	XXX.XXX.XX.XX	xxx-xxx-xxx-xx-xx.xxxxxxx.xxxxxxxx-xxx.xxx	Xxxxxx	13/02/2022	verified	Alto
13	XXX.XXX.XX.XX	xxx-xxx-xxx-xx-xx.xxxxxxx.xxxxxxxx-xxx.xxx	Xxxxxx	13/02/2022	verified	Alto
14	XXX.XX.XX.XXX		Xxxxxx	13/02/2022	verified	Alto
15	XXX.XXX.XXX.XX		Xxxxxx	13/02/2022	verified	Alto
16	XXX.XX.XXX.XXX		Xxxxxx	13/02/2022	verified	Alto
17	XXX.XX.XXX.XX		Xxxxxx	13/02/2022	verified	Alto
18	XXX.XX.XX.XXX		Xxxxxx	13/02/2022	verified	Alto
19	XXX.XXX.XX.XXX		Xxxxxx	13/02/2022	verified	Alto
20	XXX.XXX.XX.XXX		Xxxxxx	13/02/2022	verified	Alto
21	XXX.XXX.XX.XXX		Xxxxxx	13/02/2022	verified	Alto
22	XXX.XXX.XX.XXX		Xxxxxx	13/02/2022	verified	Alto
23	XXX.XXX.X.XX		Xxxxxx	13/02/2022	verified	Alto
24	XXX.XXX.XX.XXX		Xxxxxx	13/02/2022	verified	Alto
25	XXX.XXX.XX.XXX		Xxxxxx	13/02/2022	verified	Alto
26	XXX.XXX.XX.XXX		Xxxxxx	13/02/2022	verified	Alto
27	XXX.XXX.XX.XXX		Xxxxxx	13/02/2022	verified	Alto
28	XXX.XXX.XX.XXX		Xxxxxx	13/02/2022	verified	Alto
29	XXX.XXX.XX.XXX		Xxxxxx	13/02/2022	verified	Alto
30	XXX.XXX.XXX.XX		Xxxxxx	13/02/2022	verified	Alto
31	XXX.XXX.XXX.XX		Xxxxxx	13/02/2022	verified	Alto
32	XXX.XXX.XXX.XXX		Xxxxxx	13/02/2022	verified	Alto

TTP - Tactics, Techniques, Procedures (3)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilità	Accesso al vettore	Genere	Fiducia
1	T1059.007	CWE-79	Cross Site Scripting	predictive	Alto
2	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
3	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (22)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Genere	Fiducia
1	File	/ecommerce/admin/settings/setDiscount.php	predictive	Alto
2	File	/wireless/guestnetwork.asp	predictive	Alto
3	File	/wireless/security.asp	predictive	Alto
4	File	xxxxx/xxxxx_xxxxx.xxx	predictive	Alto
5	File	xxxxx/xxxx/xxxxxxxxxx.xxx?xxxxxx=xxxx	predictive	Alto
6	File	xxx_xx.xxx	predictive	Media
7	File	xxxxxxxx/xxxx_xxxxxxxx.xxx	predictive	Alto
8	File	xxx_xxx.xxx	predictive	Media
9	File	xxxx.xxx	predictive	Media
10	File	xxx.xxx	predictive	Basso
11	Argument	xxxx	predictive	Basso
12	Argument	xxxxxx_xxx_xx	predictive	Alto
13	Argument	xxxxx/xxxxxxxx	predictive	Alto
14	Argument	xxxxxxxxx/xx/xxxxxxxx	predictive	Alto
15	Argument	xx	predictive	Basso
16	Argument	xxxxxxxx/xxxxxxxx	predictive	Alto
17	Argument	x_xxxx	predictive	Basso
18	Input Value	xxxxxx xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx)	predictive	Alto
19	Input Value	<xxxxxx>xxxxx('x')</xxxxxx>	predictive	Alto
20	Input Value	x' xxxxx xxxxx(x) xxx 'xxxx'='xxxx	predictive	Alto
21	Input Value	xxxxx' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx)-- xxxx	predictive	Alto
22	Input Value	xxxxx%xxxxxx.xxx ' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx) xxx 'xxxx'='xxxx	predictive	Alto

Referenze (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PrecedenteVisione D'insiemeIl prossimo ▸

Do you know our Splunk app?

Download it now for free!